+/// TODO: return a Result<string, DecryptError>\r
+pub fn decrypt(key: &str, cipher_text: &str) -> Result<String, DecryptError> {\r
+ let key_as_bytes = decode_key(key).map_err(|e| DecryptError::KeyError(e))?;\r
+\r
+ // Can't decrypt a message with the wrong version.\r
+ if !cipher_text.starts_with(consts::CURRENT_MESSAGE_VERSION) { return Err(DecryptError::WrongMessageVersion) }\r
+\r
+ let cipher_text_bytes =\r
+ base64::decode(&cipher_text.as_bytes()[consts::CURRENT_MESSAGE_VERSION.as_bytes().len()..])\r
+ .map_err(|_e| DecryptError::UnableToDecodeBase64Message)?;\r
+\r
+ let iv = &cipher_text_bytes[0..16];\r
+ let hash = &cipher_text_bytes[16..48];\r
+ let encrypted_message = &cipher_text_bytes[48..];\r
+\r
+ let plain_message_bytes =\r
+ symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)\r
+ .map_err(|_e| DecryptError::UnableToDecrypt)?;\r
+\r
+ if sha256(&plain_message_bytes) != hash { return Err(DecryptError::HashMismatch) }\r
+\r
+ let plain_message =\r
+ String::from_utf8(plain_message_bytes)\r
+ .map_err(|_e| DecryptError::UnableToDecodeMessageAsUTF8String)?;\r